1. Field of the Invention
This invention pertains to packet filtering. More specifically, it relates to a use of small, optimized sequences of binary 5-tuples representing filter rules to achieve space efficient packet filtering, and the use of a procedure table to support dynamic and extensible processing behavior at the occurrence of a triggering event.
2. Related Art
Packet filtering is a function which provides network access control, or firewall-type, capabilities to various network systems. Packet filtering achieves such firewall-type capabilities by checking each network packet sent from or received by a networked device, or node, in a communications network, and making a decision based on such a check.
Most packet filters in the prior art allow network administrators, system administrators, networked device owners, and the like to define specific filtering rules via an operational graphical user interface (GUI). However, most packet filters simply allow a user to specify whether a packet should be discarded or allowed to continue based on such decisions. These are termed “deny” and “allow” actions, or rules. Those approaching the state of the art, such as the system taught by U.S. Pat. No. 6,182,228 B1, to Edward Boden et.al., which issued Jan. 30, 2001 (the '228 patent), have increased the number of actions available to packet filters to include an action that logs specific information based on packet data.
Allow, deny, and log filter rules are most commonly entered as an ordered list of rules which are processed sequentially from top to bottom, where the order is specified by the rule author, often a system or network administrator. Each rule allows or denies a certain kind of network traffic. In more secure packet filters, packet processing continues through all rules until the packet is explicitly allowed, explicitly denied, or there are no more rules, in which case the packet is denied. Usually fairly large, complex filter rule sets must be written for each protocol a networked device is to support.